CN102769621B - Real user identity-oriented host moving method

Publication number: CN102769621B
Authority: CN (China)
Prior art keywords: host, identifier, network, user identity
Legal status: Active
Application number: CN201210254396.3A
Other languages: Chinese (zh)
Other versions: CN102769621A (en)
Inventors: 毕军, 王优, 孙雅媛, 姚广, 高凯, 朱树永, 张宝宝
Current Assignee: Tsinghua University
Original Assignee: Tsinghua University
Application filed by Tsinghua University
Priority to CN201210254396.3A
Publication of CN102769621A
Application granted
Publication of CN102769621B

Abstract

The invention discloses a real user identity-oriented host moving method. The method comprises the following steps that: when accessing a first network from an off-line state, a host interacts with an identifier server in the first network to verify whether the user identity of the host is legal or not, and if the user identity of the host is legal, the identifier server in the first network generates a host identifier by using user identity information and generates an Internet protocol version 6 (IPv6) address of the host in the first network based on the host identifier; and when moving from the first network to a second network, the host interacts with an identifier server in the second network to verify whether the user identity and the host identifier are legal or not, and if the user identity and the host identifier are legal, the identifier server in the second network generates the IPv6 address of the host in the second network based on the host identifier. According to the method, the problem of insufficient security of the IPv6 address in the prior art is solved by embedding the identifier which is generated by using the user identity information into the IPv6 address, and the identifier is prevented from being forged.

Description

A host mobility method oriented to real user identity
Technical field
The present invention relates to the field of Internet technology, and in particular to a host mobility method oriented to real user identity.
Background
One class of techniques in the current Internet supports host mobility by assigning each end host a relatively stable identifier, which maintains the continuity of transport-layer sessions, while the network maintains a mapping from identifier to IP address so that data is still transferred on the basis of IP addresses.
In such methods, however, a user can forge his or her own identity by forging the source identifier, which gives this kind of mobility method a security problem.
The Identifier-Locator Network Protocol (ILNP) uses the last 64 bits of the IPv6 address as the host identifier, but it lacks a corresponding security mechanism to guarantee that this identifier is legitimate. A user can generate an arbitrary identifier on the host and use it for data transfer, which makes identifier forgery possible.
The Host Identity Protocol (HIP) uses the hash of the public key of a public/private key pair as the host identifier and relies on cryptographic mechanisms to guarantee the legitimacy of the source identifier. This prevents identifier forgery, but the required encryption and decryption is costly for the host or the network device.
Source Address Validation Improvements (SAVI) technology verifies, on network devices, the source address of the packets a host sends. It can prevent source address forgery while adding little verification overhead. However, the way a host identifier is obtained, propagated and maintained differs greatly from that of an IP address, so source address validation cannot be applied directly to verify identifiers.
A method is therefore needed that solves the above problem: one that can use identifiers to achieve host mobility while using a relatively lightweight mechanism to guarantee the security of the identifier.
Summary of the invention
One of the technical problems to be solved by the present invention is to provide a host mobility method oriented to real user identity that can use identifiers to achieve host mobility while using a relatively lightweight mechanism to guarantee the security of the identifier.
To solve the above technical problem, the present invention provides a host mobility method oriented to real user identity, comprising: an application step, in which, when a host accesses a first network from an offline state, the host interacts with the identifier server in the first network to verify whether the user identity of the host is legitimate, and, if the verification result is that the user identity is legitimate, the identifier server in the first network uses the user identity information to generate an identifier for the host and then generates the host's IPv6 address in the first network based on that identifier; and a confirmation step, in which, when the host moves from the first network to a second network, the host interacts with the identifier server in the second network to verify whether the user identity of the host and the identifier of the host are legitimate, and, if both are legitimate, the identifier server in the second network generates the host's IPv6 address in the second network based on the identifier.
According to a further aspect of the invention, the step in which the host interacts with the identifier server in the first network to verify whether the user identity of the host is legitimate further comprises: the host sends its user identity information to the identifier server in the first network; the identifier server in the first network determines whether the user identity information matches the information in the database, wherein, if it matches, the verification result is that the user identity is legitimate; otherwise, the verification result is that the user identity is illegitimate.
According to a further aspect of the invention, the identifier server in the first network maps the user identity information to a character string of preset length, which serves as the identifier of the host.
According to a further aspect of the invention, the character string of preset length is combined with the network prefix of the first network to generate the host's IPv6 address in the first network; or the character string of preset length is combined with the network prefix of the second network to generate the host's IPv6 address in the second network.
According to a further aspect of the invention, the step in which the identifier server in the first network maps the user identity information to a character string of preset length serving as the identifier of the host further comprises: applying the MD5 message-digest algorithm to the user identity information to obtain a binary string; randomly generating a key; and, based on the key, selecting from that binary string a binary string whose length equals the preset length to serve as the identifier of the host, wherein the key is a binary string in which the number of binary 1s equals the preset length.
According to a further aspect of the invention, after the application step is performed, the method further comprises a storing step, in which the binding between the identifier of the host and the user identity of the host is stored in the database.
According to a further aspect of the invention, in the step in which the host interacts with the identifier server in the second network to verify whether the user identity of the host and the identifier of the host are legitimate, the host sends its user identity information and the identifier to the identifier server in the second network; the identifier server in the second network determines whether the binding between the identifier and the user identity, and the user identity information, match the information in the database, wherein, if they match, the verification result is that the user identity and the identifier are both legitimate; otherwise, the verification result is that the user identity and the identifier are illegitimate.
According to a further aspect of the invention, the method further comprises: monitoring the interaction between the host and the identifier server, and storing the binding among the MAC address of the host, the access device port to which the host is connected, and the IPv6 address generated by the identifier server.
According to a further aspect of the invention, when the host uses the IPv6 address for packet communication, whether the IPv6 address in a packet is a forged address is detected based on the binding among the host's MAC address, the access device port to which the host is connected, and the IPv6 address generated by the identifier server, wherein, if the IPv6 address in the packet is detected to be forged, the packet is discarded.
Compared with the prior art, one or more embodiments of the present invention may have the following advantages:
The method of the invention embeds the identifier generated from the user identity information into the IPv6 address, overcoming the lack of security of IPv6 addresses in the prior art and thereby preventing identifier forgery.
Other features and advantages of the present invention will be set forth in the description that follows and will in part become apparent from the description or be understood by practising the invention. The objects and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings provide a further understanding of the invention and form part of the specification; together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow chart of the host mobility method oriented to real user identity according to an embodiment of the invention;
Fig. 2 is a flow chart of the address application operation according to an embodiment of the invention;
Fig. 3 is a flow chart of the address confirmation operation according to an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented. It should be noted that, as long as no conflict arises, the embodiments of the invention and the features of the embodiments may be combined with one another, and the resulting technical solutions all fall within the scope of protection of the invention.
In addition, the steps shown in the flow charts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and, although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in a different order.
It should be noted that in the embodiments of the invention a global database is deployed to store user identity information and the host identifier corresponding to that user identity information, and multiple identifier servers are deployed to assign host identifiers to hosts.
An identifier server can obtain, by interacting with a host, the identity information of the host's user and the host identifier currently in use, and can confirm the legitimacy of the user identity information and the host identifier by interacting with the database. It can also produce a new host identifier by running an algorithm locally, issue it, and store it in the database.
Fig. 1 is a flow chart of the host mobility method oriented to real user identity according to an embodiment of the invention. Each step of this embodiment is described in detail below with reference to Fig. 1.
Step S110: when a host accesses the first network from an offline state, the host interacts with the identifier server in the first network to verify whether the user identity of the host is legitimate.
Specifically, if the verification result is that the user identity is legitimate, the following is performed: the identifier server in the first network uses the user identity information to generate the identifier of the host, and then generates the host's IPv6 address in the first network based on the identifier.
In this step a host accessing the network for the first time obtains a new IPv6 address; that is, by interacting with the local identifier server, the host obtains an IPv6 address oriented to real user identity. This step is the IPv6 address application process in the static scenario. Fig. 2 is a flow chart of the address application operation according to an embodiment of the invention; the step is further explained below with reference to Fig. 2.
As shown in Fig. 2, the host first sends its user identity information to the identifier server in the first network, and the identifier server determines whether the user identity information matches the information in the database. If it matches, the verification result is that the user identity is legitimate; otherwise, the verification result is that the user identity is illegitimate.
Specifically, when the host accesses the network from an offline state, the client host can inform the identifier server of information such as its user name and password through a secure authentication protocol (the specific protocol is not limited). After obtaining the user identity information, the identifier server checks its legitimacy against the database.
If it is legitimate, the identifier server in the first network maps the user identity information to a character string of preset length, which serves as the identifier of the host. If it is illegitimate, the server refuses to assign an IPv6 address to the host.
Preferably, in the embodiments of the invention, the user identity information is mapped to a character string of preset length serving as the host identifier as follows: the MD5 message-digest algorithm is applied to the user identity information to obtain a binary string; a key is generated at random; and, based on the key, a binary string whose length equals the preset length is selected from that binary string as the identifier of the host, where the key is a binary string in which the number of binary 1s equals the preset length.
In an embodiment of the invention, the server applies MD5 to the user identity information corresponding to the user name, obtaining a 128-bit string of 0s and 1s denoted Q1, and then randomly selects 64 of its bits, in order, as the host identifier.
Preferably, a key can be generated at random and the 64 bits of Q1 used as the host identifier chosen according to that key. Specifically, for example, a 128-bit 0/1 string Q2 is generated in which 64 randomly chosen positions are set to 1 and the remaining 64 positions are set to 0. The values of Q1 at the positions where Q2 is 1 are taken out as the host identifier and used as bits 65 to 128 of the IPv6 address. At the same time the correspondence between the host identifier and the user identity information is recorded, and the bit string Q2 is kept as the key key1.
For example, if the user identity information is "41092219840310xxxx", the server applies MD5 to it and obtains the 128-bit string Q1 "10101000101000011000110011101110000011110010111010011100001101100010101101101101101111101010100001100001111000010001000000101111". It then randomly generates a 128-bit string Q2 "11111111110100001010010001100110010111001001001100100111000011001001100001111000100100110011100000111111100000111111100001111000", in which 64 bits are 1. Taking the bits of Q1 at the positions where Q2 is 1 yields the 64-bit string "1010100010010111110011001001000100111011110101100001101000100101", which becomes bits 65-128 of the IPv6 address; the string Q2 is the key key1.
For example, the identifier server uses the user information and the above algorithm to produce locally a 64-bit string as the host identifier, i.e. the last 64 bits of the IPv6 address. Combined with the 64-bit prefix of the local subnet, it forms a complete 128-bit IPv6 address, which is returned to the host as the host's address in the first network. For example, if the resulting 64-bit string (host identifier) is 9c91:fb50:e2ab:8410 and the local subnet prefix is 2001:da8:200:9002, the complete IPv6 address generated by combining them is 2001:da8:200:9002:9c91:fb50:e2ab:8410.
The correspondence (binding) between this host identifier and the user identity is then stored in the database. For example, if the IPv6 address the identifier server returns to the user is 2001:da8:200:9002:9c91:fb50:e2ab:8410, the database should maintain the binding between the corresponding user name and the identifier (9c91:fb50:e2ab:8410).
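The identifier derivation, address construction and binding storage described above, as an added Python example that is not part of the patent text. The function names, the dictionary standing in for the global database, and the redraw on an identifier collision are assumptions; the Q1, Q2 and identifier constants are the bit strings of the worked example written in hex.

```python
import hashlib
import ipaddress
import secrets

DIGEST_BITS = 128   # width of the MD5 output Q1 and of the key Q2
ID_BITS = 64        # preset identifier length: bits 65-128 of the IPv6 address

# Q1, Q2 and the resulting identifier from the worked example in the text, in hex.
PAGE_Q1 = 0xA8A18CEE0F2E9C362B6DBEA861E1102F
PAGE_Q2 = 0xFFD0A4665C93270C987893383F83F878
PAGE_IDENTIFIER = 0xA897CC913BD61A25


def random_key():
    """Key Q2: a 128-bit mask with exactly 64 randomly placed 1 bits."""
    ones = secrets.SystemRandom().sample(range(DIGEST_BITS), ID_BITS)
    return sum(1 << pos for pos in ones)


def select_bits(q1, q2):
    """Keep the bits of Q1 where Q2 is 1, preserving their left-to-right order."""
    if bin(q2).count("1") != ID_BITS:
        raise ValueError("key must contain exactly %d one-bits" % ID_BITS)
    identifier = 0
    for pos in range(DIGEST_BITS - 1, -1, -1):      # leftmost bit first
        if (q2 >> pos) & 1:
            identifier = (identifier << 1) | ((q1 >> pos) & 1)
    return identifier


def derive_identifier(identity_info):
    """MD5 the identity information (Q1), draw a key (Q2), return (identifier, key)."""
    q1 = int.from_bytes(hashlib.md5(identity_info.encode("utf-8")).digest(), "big")
    q2 = random_key()
    return select_bits(q1, q2), q2


def build_address(prefix, identifier):
    """Combine a 64-bit subnet prefix with the 64-bit host identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or not 0 <= identifier < (1 << ID_BITS):
        raise ValueError("need a /64 prefix and a 64-bit identifier")
    return ipaddress.IPv6Address(int(net.network_address) | identifier)


def apply_for_address(bindings, user, identity_info, prefix):
    """Application step once the identity check has passed: derive, bind, address.

    `bindings` stands in for the global database (user -> (identifier, key)).
    Assumption added here: an identifier already bound to some user is redrawn
    with a fresh key, so that no two users ever share one identifier.
    """
    taken = {ident for ident, _ in bindings.values()}
    while True:
        identifier, key = derive_identifier(identity_info)
        if identifier not in taken:
            break
    bindings[user] = (identifier, key)
    return build_address(prefix, identifier)


if __name__ == "__main__":
    database = {}
    # Constructed user and identity string; the prefix is the one used in the text.
    print(apply_for_address(database, "alice", "constructed-identity-0001",
                            "2001:da8:200:9002::/64"))
    print(format(select_bits(PAGE_Q1, PAGE_Q2), "016x"))
```

Because the key is drawn at random, the identifier cannot be recomputed from the identity information alone; any later check depends on the binding stored in the database.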
The above steps associate the user identity with its IP address information, providing the basis for identifier authentication oriented to user identity.
It should be noted that, during IPv6 address assignment, as shown in Fig. 2, a SAVI device monitors the interaction between the client host and the identifier server, and stores in its local filter table the binding among the assigned IPv6 address, the SAVI device port to which the host is connected, and the MAC address of the host.
Specifically, an access switch with the SAVI function enabled (or another access device, such as a wireless access point) maintains a filter table locally. If the device snoops the complete IPv6 address that the identifier server issues to the host, it saves, under the SAVI-enabled port, the binding among the MAC address of the directly connected host, the switch port it is connected to, and the IP address, and filters IP packets accordingly.
In this way, in a subnet with the SAVI function enabled, the SAVI device binds the host identifier to the corresponding MAC address, port and other information, which provides the basis for filtering packets with forged identifiers. Using techniques such as SAVI, lightweight identifier authentication is achieved through IPv6 source address authentication, thereby preventing identifier forgery.
Step S120: in the first network, when the host uses the assigned IPv6 address for packet communication, the SAVI device checks whether the IPv6 address carried in each packet is a forged address.
Specifically, as shown in Fig. 2, after the host obtains the IPv6 address assigned by the identifier server, it uses this address for normal data communication. The SAVI switch (or other access device, such as a wireless access point) checks, based on the binding among the host's MAC address, the access device port to which the host is connected and the IPv6 address generated by the identifier server, whether the IPv6 source address carried in a packet is forged; if so, the packet with the forged address is dropped.
Step S130: when the host moves from the first network to the second network, the host interacts with the identifier server in the second network to verify whether the user identity of the host and the identifier of the host are legitimate.
Specifically, if the user identity and the identifier are both legitimate, the identifier server in the second network generates the host's IPv6 address in the second network based on the identifier.
It should be noted that after a host disconnects from one subnet and accesses another, an address confirmation operation is required to guarantee that it may legitimately continue to use the original host identifier (obtained in step S110). Because the last 64 bits of the assigned IPv6 address are used as the host identifier, the last 64 bits of the IPv6 address the host uses must remain unchanged before and after the move, which supports the continuity of transport-layer sessions in the mobile scenario.
Fig. 3 is a flow chart of this step according to an embodiment of the invention; the step is further explained below with reference to Fig. 3.
As shown in Fig. 3, after the host moves and accesses the new subnet, it again interacts with the identifier server in that subnet to complete verification of the user identity, and at the same time asks the identifier server to confirm the legitimacy of its original host identifier.
Specifically, the host sends its user identity information and the identifier to the identifier server in this subnet, and the identifier server in this subnet determines whether the binding between the identifier and the user identity, and the user identity information, match the information in the database. If they match, the verification result is that the user identity and the identifier are both legitimate; otherwise, the verification result is that the user identity and the identifier are illegitimate.
If the user identity and the identifier are both legitimate, the identifier is combined with the prefix of this subnet to generate the host's IPv6 address in this subnet. If the user identity is illegitimate, or the identifier the host requests is not one the host owns, the identifier server refuses to assign an IPv6 address to the host.
The identifier can be used as the last 64 bits of the IPv6 address and combined with the 64-bit prefix of the local subnet to generate the complete IPv6 address. For example, if the identifier the host requests is 9c91:fb50:e2ab:8410 and the local subnet prefix is 2001:da8:200:9001, the complete IPv6 address generated by combining them is 2001:da8:200:9001:9c91:fb50:e2ab:8410.
The identifier server then returns the address generated in the new subnet to the host.
It should be noted that, while an IPv6 address is being assigned to a host that has moved to a new subnet, a SAVI device likewise monitors the interaction between the client host and the identifier server, and stores in its local filter table the binding among the assigned IPv6 address, the SAVI device port to which the host is connected, and the MAC address of the host.
Step S140: after the host has obtained an IPv6 address again and uses it for data packet communication, the SAVI device checks whether the IPv6 address carried in each packet is a forged address.
As shown in Fig. 3, after the host again obtains the IPv6 address assigned by the identifier server, it uses this address to continue normal data communication. The SAVI switch (or other access device, such as a wireless access point) checks the IPv6 source address carried in each packet and drops packets with forged addresses.
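Steps S130 and S140 together, as an added Python example that is not part of the patent text: the second network's identifier server confirms the identity-to-identifier binding, and the access device filters packets against the snooped binding. The class and function names, the PBKDF2 credential storage, the MAC addresses, port numbers and the second user are constructed assumptions; the identifier and prefix are the ones used in the text.

```python
import hashlib
import hmac
import ipaddress


def password_verifier(password, salt):
    """Salted PBKDF2 verifier; how credentials are stored is an assumption here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class IdentifierServer:
    """Identifier server of one subnet; `db` stands in for the global database."""

    def __init__(self, prefix, db):
        self.net = ipaddress.IPv6Network(prefix)
        self.db = db    # user -> {"salt", "verifier", "identifier"}

    def confirm(self, user, password, identifier):
        """Address confirmation: identity and identifier binding must both match."""
        rec = self.db.get(user)
        if rec is None:
            return None
        offered = password_verifier(password, rec["salt"])
        if not hmac.compare_digest(rec["verifier"], offered):
            return None                      # user identity not legitimate
        if rec["identifier"] != identifier:
            return None                      # identifier is not bound to this user
        return ipaddress.IPv6Address(int(self.net.network_address) | identifier)


class SaviDevice:
    """Access device filter table: (port, MAC) -> IPv6 address issued by the server."""

    def __init__(self):
        self.filter_table = {}

    def snoop_assignment(self, port, mac, address):
        """Record the binding seen in the identifier server's reply to the host."""
        self.filter_table[(port, mac.lower())] = ipaddress.IPv6Address(address)

    def check(self, port, mac, source):
        """Return 'forward' or a drop reason for one packet's source address."""
        bound = self.filter_table.get((port, mac.lower()))
        if bound is None:
            return "drop: no binding for port/MAC"
        src = ipaddress.IPv6Address(source)
        if src == bound:
            return "forward"
        if int(src) >> 64 == int(bound) >> 64:   # same prefix, other low 64 bits
            return "drop: forged identifier"
        return "drop: forged source address"


def run_scenario():
    """Constructed walk-through: alice moves into the second network."""
    salt = b"constructed-salt"
    alice_id = 0x9C91FB50E2AB8410            # identifier from the text
    mallory_id = 0x1111222233334444          # constructed
    db = {
        "alice": {"salt": salt, "identifier": alice_id,
                  "verifier": password_verifier("alice-pw", salt)},
        "mallory": {"salt": salt, "identifier": mallory_id,
                    "verifier": password_verifier("mallory-pw", salt)},
    }
    server2 = IdentifierServer("2001:da8:200:9001::/64", db)
    savi2 = SaviDevice()
    results = {}

    addr = server2.confirm("alice", "alice-pw", alice_id)
    savi2.snoop_assignment(3, "02:00:00:00:00:0A", addr)
    results["alice_address"] = str(addr)
    # A valid user asking for an identifier bound to someone else is refused.
    results["mallory_claim"] = server2.confirm("mallory", "mallory-pw", alice_id)
    results["wrong_password"] = server2.confirm("alice", "guess", alice_id)

    savi2.snoop_assignment(7, "02:00:00:00:00:0B",
                           server2.confirm("mallory", "mallory-pw", mallory_id))
    results["legit_packet"] = savi2.check(3, "02:00:00:00:00:0a", str(addr))
    # Port 7 sends a packet whose source carries alice's identifier.
    results["spoofed_packet"] = savi2.check(7, "02:00:00:00:00:0B", str(addr))
    results["unbound_port"] = savi2.check(9, "02:00:00:00:00:0C", str(addr))
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, "->", value)
```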
The embodiments of the invention bind the user identity to the identifier obtained by the host to derive the IPv6 address, which both keeps the identifier unchanged after the host moves and allows the legitimacy of the identifier to be verified with a comparatively lightweight method.
Those skilled in the art should understand that the modules or steps of the invention described above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device, or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus the invention is not restricted to any specific combination of hardware and software.
Although embodiments of the invention are disclosed above, the content described is only an embodiment adopted to facilitate understanding of the invention and is not intended to limit it. Any person skilled in the art to which the invention belongs may, without departing from the spirit and scope disclosed by the invention, make any modification or change in the form and details of implementation, but the scope of patent protection of the invention remains that defined by the appended claims.

Claims (9)

1., towards a host mobility method for real user identity, it is characterized in that, comprising:
Procedure to apply, when main frame accesses to first network from off-line state, whether the identifier server in described main frame and described first network carries out mutual legal to verify the user identity of described main frame,
If the result is that described user identity is legal, then perform following steps:
Identifier server in described first network utilizes described subscriber identity information to generate the identifier of described main frame, then based on described identifier to generate the IPv6 address of described main frame in first network;
Confirm step, when described main frame moves to second network from described first network, whether the identifier server in described main frame and described second network carries out legal with the identifier of the user identity and described main frame of verifying described main frame alternately,
If described user identity and described identifier all legal, then the identifier server in described second network based on described identifier to generate described main frame IPv6 address in the second network;
Wherein, when described main frame accesses to first network from off-line state, the subscriber identity information of self is informed identifier server by the authentication protocol of a safety by described main frame; When described main frame moves to second network from described first network, operated the legitimacy ensureing to continue to use original host identifier by Address Confirmation.
2. host mobility method according to claim 1, is characterized in that, the identifier server in described main frame and described first network carries out mutual to verify in the step whether user identity of described main frame is legal, further comprising the steps:
The subscriber identity information of self is sent to the identifier server in described first network by described main frame;
Identifier server in described first network judge described subscriber identity information whether with the information match in database,
Wherein, if judged result is coupling, then the result is that described user identity is legal; Otherwise the result is that described user identity is illegal.
3. host mobility method according to claim 1, is characterized in that,
Described subscriber identity information is mapped as the character string of preseting length using the identifier as described main frame by the identifier server in described first network.
4. host mobility method according to claim 3, is characterized in that,
The character string of described preseting length is combined with the network prefix of first network generate the IPv6 address of described main frame in first network; Or,
The character string of described preseting length is combined with the network prefix of second network generate described main frame IPv6 address in the second network.
5. host mobility method according to claim 3, it is characterized in that, described subscriber identity information is mapped as the character string of preseting length using in the step of the identifier as described main frame by the identifier server in described first network, further comprising the steps:
MD5 Message Digest 5 is utilized to carry out Hash operation to obtain string of binary characters to described subscriber identity information;
Stochastic generation one key;
Based on described key, from described string of binary characters, choose the string of binary characters equal with described preseting length using the identifier as described main frame, wherein,
Described key is a string of binary characters, and wherein the number of binary number 1 is equal with preseting length.
6. host mobility method according to claim 1, is characterized in that, after the described procedure to apply of execution, also comprises:
Storing step, is stored to the binding relationship of the user identity of the identifier of described main frame and described main frame in database.
7. host mobility method according to claim 6, is characterized in that, the identifier server in described main frame and described second network carries out in the mutual step whether legal with the identifier of the user identity and described main frame of verifying described main frame,
The described subscriber identity information of self and described identifier are sent to the identifier server in described second network by described main frame;
Identifier server in described second network judge the binding relationship of described identifier and described user identity and described subscriber identity information whether with the information match in database,
Wherein, if judged result is coupling, then the result is that described user identity and described identifier are all legal; Otherwise the result is that described user identity and described identifier are illegal.
8. The host mobility method according to any one of claims 1 to 7, characterized in that it further comprises:
monitoring the interaction between the host and the identifier server, and storing the binding relationship among the MAC address of the host, the access device port to which the host is connected, and the IPv6 address generated by the identifier server.
9. The host mobility method according to claim 8, characterized in that,
when the host uses an IPv6 address for message communication, whether the IPv6 address in the message is a forged address is detected based on the binding relationship among the MAC address of the host, the access device port to which the host is connected, and the IPv6 address generated by the identifier server, wherein
if the detection result is that the IPv6 address in the message is a forged address, the message is discarded.
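The identifier derivation of claim 5, as an added Python example that is not part of the patent text. It assumes the key has the same length as the MD5 output (128 bits), that a 1 in the key selects the hash bit at that position, and a 64-bit preset length; the function names are hypothetical.

```python
import hashlib
import secrets

HASH_BITS = 128  # an MD5 digest is 128 bits long


def md5_bits(user_identity: str) -> str:
    """Hash the user identity information with MD5 and return it as a bit string."""
    digest = hashlib.md5(user_identity.encode("utf-8")).digest()
    return "".join(f"{byte:08b}" for byte in digest)


def generate_key(preset_length: int) -> str:
    """Randomly generate a key: a bit string with exactly preset_length ones."""
    if not 0 < preset_length <= HASH_BITS:
        raise ValueError("preset length must be between 1 and 128 bits")
    ones = set(secrets.SystemRandom().sample(range(HASH_BITS), preset_length))
    return "".join("1" if i in ones else "0" for i in range(HASH_BITS))


def derive_identifier(user_identity: str, key: str, preset_length: int) -> str:
    """Select the hash bits at the positions where the key holds a 1 (assumed rule)."""
    if len(key) != HASH_BITS or set(key) - {"0", "1"}:
        raise ValueError("key must be a 128-character string of 0s and 1s")
    if key.count("1") != preset_length:
        raise ValueError("number of 1s in the key must equal the preset length")
    bits = md5_bits(user_identity)
    return "".join(h for h, k in zip(bits, key) if k == "1")


if __name__ == "__main__":
    identity = "alice@example.edu"  # constructed sample identity
    key = generate_key(64)          # 64-bit preset length is an assumption
    ident = derive_identifier(identity, key, 64)
    print(f"identifier: {int(ident, 2):016x}")
```

The same identity and key always yield the same identifier, so the server has to keep the key (or the resulting binding) to recognise the identifier later; a different key yields a different selection of hash bits.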
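The binding storage and forged-address check of claims 8 and 9, as an added Python example that is not part of the patent text. The table layout, the class and method names, the port labels and the sample messages are assumptions constructed for illustration; the monitoring of the host/identifier-server interaction is represented by an explicit `learn()` call.

```python
import ipaddress


def _norm_mac(mac: str) -> str:
    """Normalize MAC notation so 00-11-.. and 00:11:.. compare equal."""
    return mac.strip().lower().replace("-", ":")


class BindingTable:
    """Bindings of (host MAC, access device port) -> IPv6 address from the server."""

    def __init__(self):
        self._bindings = {}

    def learn(self, mac: str, port: str, ipv6: str) -> None:
        """Store the binding seen when the identifier server generates an address."""
        self._bindings[(_norm_mac(mac), port)] = ipaddress.IPv6Address(ipv6)

    def is_forged(self, mac: str, port: str, src_ipv6: str) -> bool:
        """True if the message's source address does not match the stored binding."""
        try:
            src = ipaddress.IPv6Address(src_ipv6)
        except ValueError:
            return True  # an unparsable source address is never accepted
        bound = self._bindings.get((_norm_mac(mac), port))
        return bound is None or bound != src

    def filter(self, messages):
        """Keep messages that pass the check; forged ones are discarded."""
        return [m for m in messages
                if not self.is_forged(m["mac"], m["port"], m["src"])]


def demo():
    """Run the check over constructed sample messages; return the notes that pass."""
    table = BindingTable()
    table.learn("00:11:22:33:44:55", "sw1/0/3", "2001:db8:1::1234:5678")
    mac, port = "00:11:22:33:44:55", "sw1/0/3"
    messages = [
        {"mac": mac, "port": port, "src": "2001:db8:1::1234:5678", "note": "bound"},
        {"mac": "00-11-22-33-44-55", "port": port, "note": "same address, other notation",
         "src": "2001:0DB8:0001:0000:0000:0000:1234:5678"},
        {"mac": mac, "port": port, "src": "2001:db8:1::dead:beef", "note": "other address"},
        {"mac": mac, "port": "sw1/0/9", "src": "2001:db8:1::1234:5678", "note": "other port"},
        {"mac": mac, "port": port, "src": "not-an-address", "note": "malformed"},
    ]
    return [m["note"] for m in table.filter(messages)]
```

Addresses are compared after parsing, so differently written forms of the bound address still match, while a bound address arriving on an unbound port is treated as forged until a new binding is stored for that port.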
CN201210254396.3A 2012-07-20 2012-07-20 Real user identity-oriented host moving method Active CN102769621B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210254396.3A CN102769621B (en) 2012-07-20 2012-07-20 Real user identity-oriented host moving method

Publications (2)

Publication Number Publication Date
CN102769621A CN102769621A (en) 2012-11-07
CN102769621B CN102769621B (en) 2015-03-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant